77 matches found
GHSA-5WRP-CWCJ-Q835 vulnerabilities
Vulnerabilities for packages: kgateway, kiali, gitlab-pages-fips, crossplane-fips, dapr, cloud-provider-azure-fips, ansible-operator-fips, boring-registry, gitlab-operator-fips, kots, aws-iam-authenticator, docker-compose-fips, azurefile-csi-fips, cluster-api-azure-controller-fips, gitlab-cng-fip...
CVE-2026-41178 vulnerabilities
Vulnerabilities for packages: kgateway, kiali, gitlab-pages-fips, crossplane-fips, dapr, cloud-provider-azure-fips, ansible-operator-fips, boring-registry, gitlab-operator-fips, kots, aws-iam-authenticator, docker-compose-fips, azurefile-csi-fips, cluster-api-azure-controller-fips, gitlab-cng-fip...
agent-framework-azurefunctions (>=1.0.0b260519 <=1.0.0b260521), agent-framework-durabletask (>=0.0.1b260113 <=1.0.0b260521) +6 more potentially affected by unknown CVE via durabletask (=1.4.0)
durabletask PYPI version =1.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on durabletask and may be impacted: - agent-framework-azurefunctions =1.0.0b260519, =0.0.1b260113, =0.1.0, =0.0.1rc1.dev1567, =0.0.0.dev1, =0.0.0.dev1, =0.3.0, =0.11.2 Source...
CVE-2026-41491
Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. From versions 1.3.0 to before 1.15.14, 1.16.0-rc.1 to before 1.16.14, and 1.17.0-rc.1 to before 1.17.5, a vulnerability has been found in Dapr that allows bypassing access control policies for...
CVE-2026-41491
CVE-2026‑41491 affects Dapr. An ACL bypass vulnerability in service invocation lets an attacker exploit reserved URL characters and path traversal sequences in method paths, causing the access control policy to be evaluated against a different path than what the target application receives. The m...
CVE-2026-41491 Dapr: Service Invocation path traversal ACL bypass
Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. From versions 1.3.0 to before 1.15.14, 1.16.0-rc.1 to before 1.16.14, and 1.17.0-rc.1 to before 1.17.5, a vulnerability has been found in Dapr that allows bypassing access control policies for...
EUVD-2026-28553
Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. From versions 1.3.0 to before 1.15.14, 1.16.0-rc.1 to before 1.16.14, and 1.17.0-rc.1 to before 1.17.5, a vulnerability has been found in Dapr that allows bypassing access control policies for...
Dapr 路径遍历漏洞
Dapr is a portable, serverless, event-driven runtime developed by Dapr Open Source. Versions of Dapr from 1.3.0 to 1.15.14, as well as versions from 1.16.0-rc.1 to 1.16.14 and from 1.17.0-rc.1 to 1.17.5, have a path traversal vulnerability. This vulnerability stems from the use of reserved URL...
CVE-2026-41491 vulnerabilities
Vulnerabilities for packages: dapr...
CVE-2026-41889 vulnerabilities
Vulnerabilities for packages: pgtimetable, gitness, cerbos, pgwatch, spire-server-fips, certificate-transparency-fips, dapr, hydra, amass, ferretdb, sftpgo, step-ca, falcosidekick, rke2-runtime, bento, telegraf, peerdb-flow, ldap2pg, azure-service-operator, ory-kratos-fips, jitsucom-bulker,...
CVE-2026-41491 vulnerabilities
Vulnerabilities for packages: dapr...
GHSA-J88V-2CHJ-QFWX vulnerabilities
Vulnerabilities for packages: flyte, splunk-otel-collector, bento, jitsucom-bulker, dapr, spire-server, gitness, envoy-gateway, certificate-transparency, grafana-alloy, kubeflow-pipelines, hydra, caddy, azure-service-operator, wal-g, cloudnative-pg, spqr, openbao, k3s,...
GHSA-85GX-3QV6-4463 vulnerabilities
Vulnerabilities for packages: dapr...
GHSA-85GX-3QV6-4463 vulnerabilities
Vulnerabilities for packages: dapr...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the service invocation access control process. An attacker can bypass access control policies and invoke unauthorized methods by submitting specially crafted method paths containing encoded path traversal...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the service invocation access control process. An attacker can bypass access control policies and invoke unauthorized methods by submitting specially crafted method paths containing encoded path traversal...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the service invocation access control process. An attacker can bypass access control policies and invoke unauthorized methods by submitting specially crafted method paths containing encoded path traversal...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the service invocation access control process. An attacker can bypass access control policies and invoke unauthorized methods by submitting specially crafted method paths containing encoded path traversal...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the service invocation access control process. An attacker can bypass access control policies and invoke unauthorized methods by submitting specially crafted method paths containing encoded path traversal...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the service invocation access control process. An attacker can bypass access control policies and invoke unauthorized methods by submitting specially crafted method paths containing encoded path traversal...